Create SharePoint Group from Active Directory Group using PowerShell

Requirement: Convert Active Directory Group into SharePoint Group!

Solution: Managing SharePoint users through Active Directory security groups and managing them within SharePoint each have advantages and disadvantages. Here, we need to migrate from an AD group to a SharePoint group, so let's use PowerShell to create a new SharePoint group from the Active Directory security group. Here is my PowerShell script:


Create SharePoint Group from Active Directory Group:

If you have an existing Active Directory group, you may want to convert it to a SharePoint group to remove the dependency on the AD administrator.

#Import Active directory & SharePoint PowerShell modules
Import-Module ActiveDirectory
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
  
#Variables for processing
$SiteURL="https://Intranet.crescent.com/"
$ADGroupName="SP13 Authors"
$SPGroupName="Content Authors"
$PermissionLevel="Full Control" #Permission to SPGroup
$Domain="Crescent" #AD Domain

#Get the Site collection's Root Web
$web = Get-SPWeb $SiteURL

#Check if Group Exists already
 if ($null -ne $web.SiteGroups[$SPGroupName])
 {  
  write-Host "Group Name Already in the site!!" -ForegroundColor Red 
 }  
 else  
 {  
  #Create New SharePoint Group
  $SPGroup = $web.SiteGroups.Add($SPGroupName, $web.Site.Owner, $web.Site.Owner, $null)
  #Get the newly created group and assign permission to it
  $SPGroup = $web.SiteGroups[$SPGroupName]  
  $RoleAssignment = new-object Microsoft.SharePoint.SPRoleAssignment($SPGroup)  
  $RoleDefinition = $web.RoleDefinitions[$PermissionLevel]  
  $RoleAssignment.RoleDefinitionBindings.Add($RoleDefinition)  
  $web.RoleAssignments.Add($RoleAssignment)  
  $web.Update()  
  Write-Host "New Group $SPGroupName has been created!" 
 
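  #Get Members of AD Group. Keep user objects only: nested groups and computer accounts cannot be added as users
  $ADGroupMembers = @(Get-ADGroupMember -Identity $ADGroupName | Where-Object { $_.objectClass -eq "user" } | Select-Object -ExpandProperty SamAccountName)
  Write-host "Total Users Found in the AD Group:" $ADGroupMembers.Count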

  #Add Members to SPGroup from ADGroup
  $ADGroupMembers | ForEach-Object {
     #Convert to Domain\User format
     $UserID =  "$Domain\$_" 
     #Get Claims ID. E.g. Domain\User to i:0#.w|Domain\User
     $UserClaimsID = (New-SPClaimsPrincipal -identity $UserID -IdentityType "WindowsSamAccountName").ToEncodedString() 
     $SPGroup.Users.Add($UserClaimsID,"", "", "") 
     Write-host "User Added from AD Group to SharePoint Group:" $UserClaimsID
  }  
 }

#Release the SPWeb object
$web.Dispose()
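
The script above copies a one-time snapshot of the AD group, so later AD changes (disabled accounts, removed members) no longer reach the SharePoint group. The following added example, which is not part of the original script, reports that drift; the function name Compare-GroupMembership and the sample accounts are hypothetical, and the sample data is constructed so it runs without AD or SharePoint.

```powershell
# Added example (not the author's code): report drift between an AD group and
# the SharePoint group created from it. Function name and sample data are hypothetical.
function Compare-GroupMembership {
    param(
        [Parameter(Mandatory=$true)] [object[]] $ADMembers,  # SamAccountName, objectClass, Enabled
        [Parameter(Mandatory=$true)] [AllowEmptyCollection()] [string[]] $SPLogins,
        [Parameter(Mandatory=$true)] [string] $Domain
    )
    # Strip the Windows claims prefix (i:0#.w|) so both sides compare as domain\user
    $inSP = @{}
    foreach ($login in $SPLogins) {
        $inSP[($login -replace '^i:0#\.w\|', '').ToLowerInvariant()] = $true
    }
    $inAD = @{}
    foreach ($m in $ADMembers) {
        $status = $null
        if ($m.objectClass -ne 'user') {
            $status = 'SkippedNonUser'          # nested group or computer account
        } else {
            $key = "$Domain\$($m.SamAccountName)".ToLowerInvariant()
            $inAD[$key] = $true
            if ((-not $m.Enabled) -and $inSP.ContainsKey($key)) { $status = 'DisabledInAD' }
            elseif ($m.Enabled -and (-not $inSP.ContainsKey($key))) { $status = 'MissingInSharePoint' }
        }
        if ($status) { New-Object PSObject -Property @{ Account = $m.SamAccountName; Status = $status } }
    }
    # Anything left in the SharePoint group was added outside the AD group
    foreach ($key in $inSP.Keys) {
        if (-not $inAD.ContainsKey($key)) {
            New-Object PSObject -Property @{ Account = $key; Status = 'NotInADGroup' }
        }
    }
}

# Constructed sample data. For live input use, for example:
#   $ad = Get-ADGroupMember -Identity $ADGroupName | ForEach-Object {
#           if ($_.objectClass -eq 'user') { Get-ADUser -Identity $_.SamAccountName } else { $_ } }
#   $sp = $web.SiteGroups[$SPGroupName].Users | ForEach-Object { $_.UserLogin }
$ad = @(
    (New-Object PSObject -Property @{ SamAccountName='alice'; objectClass='user'; Enabled=$true }),
    (New-Object PSObject -Property @{ SamAccountName='bob'; objectClass='user'; Enabled=$true }),
    (New-Object PSObject -Property @{ SamAccountName='carol'; objectClass='user'; Enabled=$false }),
    (New-Object PSObject -Property @{ SamAccountName='SP13 Editors'; objectClass='group'; Enabled=$null })
)
$sp = @('i:0#.w|crescent\alice', 'i:0#.w|crescent\carol', 'i:0#.w|crescent\dave')
Compare-GroupMembership -ADMembers $ad -SPLogins $sp -Domain 'Crescent' |
    Format-Table Account, Status -AutoSize
```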

Active Directory PowerShell Module:
You need the “Active Directory module for Windows PowerShell” on Windows Server 2008/2012 member servers. Use this PowerShell cmdlet to add the feature:

Add-WindowsFeature RSAT-AD-PowerShell 

Alternatively, go to Server Manager >> Add Roles and Features, and choose “Active Directory Module for Windows PowerShell” under Remote Server Administration Tools.


Salaudeen Rajack

Salaudeen Rajack - SharePoint Expert with two decades of SharePoint experience. Love to share my knowledge and experience with the SharePoint community through real-time articles!
